<?php

/*

Buy Item (buy_item.php)

*/

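// Page setup. Both variables are assigned before the include, as in the
// original layout.
// NOTE(review): $rank_check is presumably read by header.inc.php as the minimum
// rank required to view this page - confirm against the header.
$page_title = "Buy Item";
$rank_check = 1;
include "header.inc.php";

// Request parameters. Everything read from $_GET is attacker-controlled: it must
// be escaped for SQL before it is placed in a query and encoded for HTML/URL
// before it is echoed. A missing or non-string (array) parameter is normalised
// to an empty string so later lookups simply find no row.
$game = (isset($_GET['game']) && is_string($_GET['game'])) ? $_GET['game'] : '';
$shop_id = (isset($_GET['shop_id']) && is_string($_GET['shop_id'])) ? $_GET['shop_id'] : '';
$item_id = (isset($_GET['item_id']) && is_string($_GET['item_id'])) ? $_GET['item_id'] : '';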



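// Look up the member's discount card, if any.
//
// $discount is initialised here so the price calculation further down never
// reads a value this script did not set itself; the original left it undefined
// whenever no card was found.
// NOTE(review): $userid is presumably set by header.inc.php from the logged-in
// session and is interpolated into the query as-is - confirm it can never be
// request-controlled.
$discount = 0;
$discountRate = "0%";
$findDiscount = fetch("SELECT discount FROM discount_cards WHERE user = '$userid'");
if (!empty($findDiscount['discount']))
{
	$discount = $findDiscount['discount'];
	// The stored value is used as a fraction of the price; x100 gives the
	// percentage label.
	$discountRate = ($discount * 100) . "%";
}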

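// Validate that the requested shop exists in the requested game.
//
// Both values come straight from $_GET, so they are escaped before being placed
// inside the quoted SQL literals (the legacy mysql_* API has no bound
// parameters).
// The original selected only `id`, which meant $findShop['premium_only'] was
// never populated and the premium-only gate below could not trigger; the whole
// row is fetched so the flag is actually available.
$findShop = fetch(sprintf(
	"SELECT * FROM official_shops2 WHERE id = '%s' AND game = '%s'",
	mysql_real_escape_string($shop_id),
	mysql_real_escape_string($game)
));

// URL-encoded copy of the game for use inside redirect targets and links.
$gameUrl = urlencode($game);

if (empty($findShop['id']))
{
	die(header(error("shops.php?game=$gameUrl", "That shop does not exsist in this game!")));
}

// Premium-only shops are restricted to premium members.
// NOTE(review): $getInfo and $username are presumably populated by
// header.inc.php for the logged-in member - confirm.
$shopIsPremiumOnly = isset($findShop['premium_only']) && $findShop['premium_only'] == 1;
$memberIsPremium = isset($getInfo['premium']) && $getInfo['premium'] == 1;
if ($shopIsPremiumOnly && !$memberIsPremium)
{
	die(header(error("shops.php?game=$gameUrl", "Sorry $username, but the only way you can buy the items from this shop is if you are a premium member! Sorry! <a href=upgrade.php?game=$gameUrl>Upgrade?</a>")));
}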


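// Load the shop listing (price, stock, owning shop) and the matching item
// definition. Request values are escaped before being embedded in SQL; the item
// name read back from the database is escaped as well, so a name containing a
// quote cannot break or alter the second query.
$find_item = mysql_fetch_array(mysql_query(sprintf(
	"SELECT * FROM shop_items2 WHERE id = '%s' AND game = '%s'",
	mysql_real_escape_string($item_id),
	mysql_real_escape_string($game)
)));
$find_item2 = mysql_fetch_array(mysql_query(sprintf(
	"SELECT * FROM items2 WHERE item_name = '%s' AND game = '%s'",
	mysql_real_escape_string($find_item['item_name']),
	mysql_real_escape_string($game)
)));

if (empty($find_item2['item_name'])) { die("$openHTML<p>That isn't a real item.</p>$closeHTML"); }

// The shop-level checks (existence, premium-only) are made against the shop_id
// supplied in the request, so the item must really belong to that shop;
// otherwise those checks say nothing about the item being bought. `sell_in` is
// the shop id the listing is tied to (it is what the Referer check compares
// against).
if ($find_item['sell_in'] != $shop_id) { die("$openHTML<p>That item is not sold in this shop.</p>$closeHTML"); }

// Apply the member's discount card, if one was found earlier.
if (!empty($discount)) { $find_item['sell_for'] = $find_item['sell_for'] - round($find_item['sell_for'] * $discount); }

if ($find_item['cur_stock'] <= "0") { die("$openHTML<p>This item is out of stock, sorry!</p>$closeHTML"); }
if ($find_item['sell_for'] > "$points") { die("$openHTML<p>You do not have enough $pointVar for this item.</p>$closeHTML"); }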

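// Start Check
//
// Purchase throttle: one purchase per member per game every $limit1 seconds,
// tracked as a row in checking2.
// NOTE(review): $timestamp and $userid are presumably set by header.inc.php -
// confirm. The lookup and the DELETE/INSERT below are separate statements, so
// this throttle is best-effort under concurrent requests and must not be relied
// on to protect balances or stock.

$checking = "shopping";
$limit1 = 10;
$limit = $timestamp - $limit1;

// $game and $shop_id come from the query string: escape for SQL, URL-encode for
// the link.
$gameSql = mysql_real_escape_string($game);
$gameUrl = urlencode($game);
$shopUrl = urlencode($shop_id);

$findCheck = fetch("SELECT * FROM checking2 WHERE userid = '$userid' AND check_what = '$checking' AND timestamp > '$limit' AND game = '$gameSql'");

if (!empty($findCheck['id']))
{
	die("$openHTML<p>You can only purchase items from the stores every $limit1 seconds. <a href=$base_url/shopping.php?game=$gameUrl&shop_id=$shopUrl>Back</a></p>$closeHTML");
}

// No recent purchase on record: replace any stale marker with a fresh one.
mysql_query("DELETE FROM checking2 WHERE userid = '$userid' AND check_what = '$checking' AND game = '$gameSql'");
mysql_query("INSERT INTO checking2 (userid,check_what,timestamp,game) VALUES ('$userid','$checking','$timestamp','$gameSql')");

// End Check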

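// Referer check: the request must come from the shop page the item is sold in.
//
// The Referer header is supplied by the client, so this is a navigation sanity
// check, not an authorisation or anti-CSRF control; a per-session token on the
// purchase request would be needed for that. For the same reason the header is
// HTML-encoded before being echoed back in the error message.
// $HTTP_REFERER only exists when the environment registers it as a global; fall
// back to $_SERVER when it does not.
// NOTE(review): the comparison uses $baseurl / $base_url2 while the link uses
// $base_url - all presumably defined by header.inc.php; confirm $baseurl is not
// a typo. The original "Back" link used $id, which this script never sets; it
// now points at the requested shop like the other Back links on this page.
$referer = isset($HTTP_REFERER) ? $HTTP_REFERER : (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
$expectedShopPath = "/shopping.php?game=$game&shop_id=$find_item[sell_in]";
if (($referer != "$baseurl$expectedShopPath") && ($referer != "$base_url2$expectedShopPath"))
{
	die("$openHTML<p>You were referred here from the wrong URL. <a href=$base_url/shopping.php?game=" . urlencode($game) . "&shop_id=" . urlencode($shop_id) . ">Back</a></p> <p>" . htmlspecialchars($referer, ENT_QUOTES) . " - $baseurl/shopping.php$closeHTML");
}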

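// Complete the purchase: take one unit of stock, debit the buyer, grant the
// item, and log the sale.
//
// The original wrote back values computed from $points and cur_stock as they
// were read earlier in the request, so two overlapping requests could both pass
// the checks and overwrite each other's result. Both updates are now relative
// and conditional, and the purchase only proceeds if each one changed a row.
// NOTE(review): $username / $userid are presumably set by header.inc.php from
// the session and are used as-is - confirm.

// The price is interpolated unquoted into SQL, so refuse anything non-numeric.
if (!is_numeric($find_item['sell_for'])) { die("$openHTML<p>That isn't a real item.</p>$closeHTML"); }
$price = $find_item['sell_for'] + 0;

$gameSql = mysql_real_escape_string($game);
$itemIdSql = mysql_real_escape_string($item_id);

// Reserve one unit; the cur_stock > 0 guard makes the decrement fail when the
// last unit has already gone.
mysql_query("UPDATE shop_items2 SET cur_stock = cur_stock - 1 WHERE id = '$itemIdSql' AND game = '$gameSql' AND cur_stock > 0");
if (mysql_affected_rows() < 1) { die("$openHTML<p>This item is out of stock, sorry!</p>$closeHTML"); }

// Debit the buyer only if the current balance still covers the price. A zero
// price is skipped because MySQL reports no affected rows for a no-op update.
if ($price != 0)
{
	mysql_query("UPDATE members2 SET points = points - $price WHERE username = '$username' AND game = '$gameSql' AND points >= $price");
	if (mysql_affected_rows() < 1)
	{
		// Payment failed: hand the reserved unit back before aborting.
		mysql_query("UPDATE shop_items2 SET cur_stock = cur_stock + 1 WHERE id = '$itemIdSql' AND game = '$gameSql'");
		die("$openHTML<p>You do not have enough $pointVar for this item.</p>$closeHTML");
	}
}

// Values read from the item row are escaped before being written elsewhere.
$boughtItemSql = mysql_real_escape_string($find_item2['id']);
$partsSql = mysql_real_escape_string($find_item2['parts']);

mysql_query("INSERT INTO usersitems2 (owner,item_id,parts_left,game) VALUES ('$userid','$boughtItemSql','$partsSql','$gameSql')");

mysql_query("INSERT INTO sales_logs2 (bought_from,bought_by,bought_item,bought_price,game) VALUES ('Official Shops $gameSql','$userid','$boughtItemSql','$price','$gameSql')");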

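// Confirmation page.
//
// $game and $shop_id originate from the query string. A matching database row
// does not make the raw request value safe to echo, so they are URL-encoded
// before being placed in links and in the image path; for ordinary ids the
// output is unchanged.
// NOTE(review): $username and the item name are read from elsewhere (session /
// database) and are printed as stored - confirm they are HTML-encoded when
// saved, otherwise encode them here with htmlspecialchars().
$gameUrl = urlencode($game);
$gamePath = rawurlencode($game);
$shopUrl = urlencode($shop_id);

print "$openHTML

<p align=center><a href=item_helper.php?game=$gameUrl>Item Helper</A> | <a href=myitems.php?game=$gameUrl>My Items</a> | <a href=mygallery.php?game=$gameUrl>My Gallery</a> | <a href=myshop.php?game=$gameUrl>My Shop</a> | <a href=battle_items.php?game=$gameUrl>Equipped Items</a> | <a href=safety_box.php?game=$gameUrl>Safety Box</a></p>

<p align=center>
<img src=images/user_images/opg_$gamePath/items/item_$find_item2[id].gif><br>
<font size=+2>$find_item2[item_name]</font></p>

<p align=center>Congratulations $username! You bought the $find_item2[item_name] for $find_item[sell_for] $pointVar!</p>

<p align=center><a href=shopping.php?game=$gameUrl&shop_id=$shopUrl>Back to the Shop!</a><br>
<a href=shops.php?game=$gameUrl>Back to Market</a></p>

$closeHTML";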

?>